From: raptor
Date: Tue, 06 May 2003 18:23:59 +0000
Subject: [LARTC] active ftp & connection tracking ?
To: lartc@vger.kernel.org

this:

    iptables -A FORWARD -i internal-interface -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -j DROP

doesn't seem to work for active-ftp .. I even manually loaded ip_conntrack_ftp but as u see it is unused:

    # lsmod
    Module                  Size  Used by    Not tainted
    ip_conntrack_ftp        4272   0  (unused)
    iptable_nat            17468   0  (autoclean) (unused)
    ipt_state                568   3  (autoclean)
    ip_conntrack           20616   3  (autoclean) [ip_conntrack_ftp iptable_nat ipt_state]
    ipt_LOG                 3352   1  (autoclean)
    ipt_limit               1016   1  (autoclean)
    iptable_filter          1708   1  (autoclean)
    ip_tables              12408   7  [iptable_nat ipt_state ipt_LOG ipt_limit iptable_filter]
    ......

any idea why it doesn't work... passive-ftp is ok.
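
Added example (not part of the original message): a simplified Python model of how an FTP conntrack helper turns a PORT command seen on the control connection into an expectation, so that the server's inbound data connection is classified RELATED and passes the second FORWARD rule above. The class and function names and the sample addresses are constructed for illustration; NAT is not modelled.

```python
import re

# Simplified user-space model of an FTP conntrack helper. All names here are
# hypothetical; this is not kernel code.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line, client_ip):
    """Return (ip, port) announced by an active-FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(map(str, nums[:4]))
    # A PORT naming an address other than the client's own is ignored, so the
    # control channel cannot be used to open holes towards third hosts.
    if ip != client_ip:
        return None
    return ip, nums[4] * 256 + nums[5]

class Tracker:
    def __init__(self, helper_loaded):
        self.helper_loaded = helper_loaded
        self.expect = set()  # (server_ip, client_ip, client_port)

    def control_line(self, client_ip, server_ip, line):
        """Feed one client->server line from the control connection (tcp/21)."""
        ep = parse_port(line, client_ip) if self.helper_loaded else None
        if ep:
            self.expect.add((server_ip, ep[0], ep[1]))

    def state_of_syn(self, src_ip, dst_ip, dst_port):
        """Conntrack state of a first packet arriving from the outside."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expect:
            self.expect.discard(key)  # an expectation matches only once
            return "RELATED"
        return "NEW"

def forward_verdict(from_internal, state):
    """The three FORWARD rules from the message, evaluated in order."""
    if from_internal:
        return "ACCEPT"
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    return "DROP"
```

Without an expectation the server's data connection is only NEW, so it falls through to the final DROP rule; passive FTP is unaffected in this model because the client on the internal interface opens the data connection itself.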